iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Namjae Jeon 851c34f19c ksmbd: do not allow the actual frame length to be smaller than the rfc1002 length 
commit fb533473d1595fe79ecb528fda1de33552b07178 upstream.

ksmbd allowed the actual frame length to be smaller than the rfc1002
length. If allowed, it is possible to allocates a large amount of memory
that can be limited by credit management and can eventually cause memory
exhaustion problem. This patch do not allow it except SMB2 Negotiate
request which will be validated when message handling proceeds.
Also, Allow a message that padded to 8byte boundary.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-03-10 09:39:57 +01:00
..
9p
9p: fix a bunch of checkpatch warnings
2022-08-17 14:24:07 +02:00
adfs
affs
affs: initialize fsdata in affs_truncate()
2023-02-01 08:27:06 +01:00
afs
afs: Fix lost servers_outstanding count
2022-12-31 13:14:45 +01:00
autofs
autofs: fix wait name hash calculation in autofs_wait()
2021-10-20 21:09:02 -04:00
befs
isystem: ship and use stdarg.h
2021-08-19 09:02:55 +09:00
bfs
btrfs
btrfs: hold block group refcount during async discard
2023-03-10 09:39:56 +01:00
cachefiles
fs: add is_idmapped_mnt() helper
2022-07-02 16:41:14 +02:00
ceph
ceph: flush cap releases when the session is flushed
2023-02-14 19:18:03 +01:00
cifs
cifs: Fix uninitialized memory read in smb3_qfs_tcon()
2023-03-10 09:39:56 +01:00
coda
coda: Avoid partial allocation of sig_inputArgs
2023-03-10 09:39:50 +01:00
configfs
configfs: fix possible memory leak in configfs_create_dir()
2022-12-31 13:14:15 +01:00
cramfs
crypto
fscrypt: fix keyring memory leak on mount failure
2022-11-10 18:15:37 +01:00
debugfs
debugfs: fix error when writing negative value to atomic_t debugfs file
2022-12-31 13:14:03 +01:00
devpts
fsnotify: fix fsnotify hooks in pseudo filesystems
2022-02-01 17:27:01 +01:00
dlm
fs: dlm: retry accept() until -EAGAIN or error returns
2023-01-12 11:58:51 +01:00
ecryptfs
fs: add is_idmapped_mnt() helper
2022-07-02 16:41:14 +02:00
efivarfs
efs
erofs
erofs/zmap.c: Fix incorrect offset calculation
2023-02-06 07:59:00 +01:00
exfat
exfat: use updated exfat_chain directly during renaming
2022-07-29 17:25:30 +02:00
exportfs
exportfs: support idmapped mounts
2022-06-09 10:23:32 +02:00
ext2
ext2: Use kvmalloc() for group descriptor array
2022-10-26 12:35:51 +02:00
ext4
ext4: Fix function prototype mismatch for ext4_feat_ktype
2023-02-25 12:06:45 +01:00
f2fs
f2fs: fix to do sanity check on i_extra_isize in is_alive()
2023-02-09 11:26:47 +01:00
fat
fat: add ratelimit to fat*_ent_bread()
2022-06-09 10:22:42 +02:00
freevxfs
fscache
fscache: Remove an unused static variable
2021-10-04 22:13:12 +01:00
fuse
fuse: lock inode unconditionally in fuse_fallocate()
2022-12-02 17:41:11 +01:00
gfs2
gfs2: Improve gfs2_make_fs_rw error handling
2023-03-10 09:39:53 +01:00
hfs
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
2023-01-12 11:59:19 +01:00
hfsplus
hfs/hfsplus: use WARN_ON for sanity check
2023-01-12 11:59:18 +01:00
hostfs
hostfs: support splice_write
2021-08-26 22:28:02 +02:00
hpfs
hpfs: use iomap_fiemap to implement ->fiemap
2021-07-27 11:00:36 +02:00
hugetlbfs
hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
2022-12-31 13:14:44 +01:00
iomap
iomap: iomap_write_failed fix
2022-06-09 10:22:55 +02:00
isofs
isofs: Fix out of bound access for corrupted isofs image
2021-11-12 15:05:50 +01:00
jbd2
jbd2: add miss release buffer head in fc_do_one_pass()
2022-10-26 12:34:28 +02:00
jffs2
jffs2: fix memory leak in jffs2_do_fill_super
2022-06-14 18:36:10 +02:00
jfs
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
2022-12-31 13:14:40 +01:00
kernfs
kernfs: fix use-after-free in __kernfs_remove
2022-11-03 23:59:13 +09:00
ksmbd
ksmbd: do not allow the actual frame length to be smaller than the rfc1002 length
2023-03-10 09:39:57 +01:00
lockd
lockd: set other missing fields when unlocking files
2022-12-31 13:14:05 +01:00
minix
minix: fix bug when opening a file with O_DIRECT
2022-04-13 20:59:10 +02:00
netfs
netfs: fix parameter of cleanup()
2021-12-29 12:28:59 +01:00
nfs
NFS: fix disabling of swap
2023-03-10 09:39:30 +01:00
nfs_common
nfs: Fix kerneldoc warning shown up by W=1
2021-10-04 22:02:17 +01:00
nfsd
nfsd: zero out pointers after putting nfsd_files on COPY setup error
2023-03-10 09:39:55 +01:00
nilfs2
nilfs2: fix underflow in second superblock position calculations
2023-02-22 12:57:10 +01:00
nls
notify
fsnotify: fix wrong lockdep annotations
2022-06-09 10:22:50 +02:00
ntfs
ntfs: check overflow when iterating ATTR_RECORDs
2022-11-26 09:24:52 +01:00
ntfs3
fs/ntfs3: Validate attribute data and valid sizes
2023-02-09 11:26:47 +01:00
ocfs2
ocfs2: fix memory leak in ocfs2_stack_glue_init()
2022-12-31 13:14:02 +01:00
omfs
openpromfs
orangefs
orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
2022-12-31 13:14:44 +01:00
overlayfs
ovl: Use "buf" flexible array for memcpy() destination
2023-02-09 11:26:47 +01:00
proc
mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
2023-02-09 11:26:44 +01:00
pstore
pstore/zone: Use GFP_ATOMIC to allocate zone buffer
2023-01-12 11:58:46 +01:00
qnx4
qnx4: work around gcc false positive warning bug
2021-09-21 08:36:48 -07:00
qnx6
quota
ext4: fix bug_on in __es_tree_search caused by bad quota inode
2023-01-12 11:59:01 +01:00
ramfs
reiserfs
fs: reiserfs: remove useless new_opts in reiserfs_remount
2023-02-01 08:27:19 +01:00
romfs
smbfs_common
cifs: Fix crash on unload of cifs_arc4.ko
2021-12-14 10:57:12 +01:00
squashfs
revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
2023-02-22 12:57:07 +01:00
sysfs
sysfs: Allow deferred execution of iomem_get_mapping()
2021-08-06 13:05:28 +02:00
sysv
fs: sysv: Fix sysv_nblocks() returns wrong value
2022-12-31 13:14:05 +01:00
tracefs
tracefs: Only clobber mode/uid/gid on remount if asked
2022-09-20 12:39:43 +02:00
ubifs
ubifs: rename_whiteout: correct old_dir size computing
2022-04-08 14:24:08 +02:00
udf
udf: Define EFSCORRUPTED error code
2023-03-10 09:39:46 +01:00
ufs
isystem: ship and use stdarg.h
2021-08-19 09:02:55 +09:00
unicode
vboxsf
vboxfs: fix broken legacy mount signature checking
2021-09-27 11:26:21 -07:00
verity
fs-verity: fix signed integer overflow with i_size near S64_MAX
2021-09-22 10:56:34 -07:00
xfs
xfs: don't leak btree cursor when insrec fails after a split
2023-02-22 12:57:04 +01:00
zonefs
zonefs: Detect append writes at invalid locations
2023-01-24 07:22:42 +01:00
aio.c
aio: fix mremap after fork null-deref
2023-02-22 12:57:05 +01:00
anon_inodes.c
attr.c
vfs: Check the truncate maximum size in inode_newsize_ok()
2022-08-17 14:22:50 +02:00
bad_inode.c
vfs: add rcu argument to ->get_acl() callback
2021-08-18 22:08:24 +02:00
binfmt_aout.c
binfmt: a.out: Fix bogus semicolon
2021-09-05 10:15:05 -07:00
binfmt_elf_fdpic.c
binfmt: Fix error return code in load_elf_fdpic_binary()
2023-01-12 11:58:46 +01:00
binfmt_elf.c
fs/binfmt_elf: Fix memory leak in load_elf_binary()
2022-11-03 23:59:12 +09:00
binfmt_flat.c
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
2022-06-09 10:22:26 +02:00
binfmt_misc.c
binfmt_misc: fix shift-out-of-bounds in check_special_flags
2022-12-31 13:14:39 +01:00
binfmt_script.c
buffer.c
mm: fs: initialize fsdata passed to write_begin/write_end interface
2022-11-26 09:24:51 +01:00
char_dev.c
chardev: fix error handling in cdev_device_add()
2022-12-31 13:14:30 +01:00
compat_binfmt_elf.c
coredump.c
coredump: Use the vma snapshot in fill_files_note
2022-04-08 14:24:18 +02:00
d_path.c
d_path: make 'prepend()' fill up the buffer exactly on overflow
2021-09-02 10:07:29 -07:00
dax.c
fsdax: Fix infinite loop in dax_iomap_rw()
2022-09-28 11:11:56 +02:00
dcache.c
direct-io.c
drop_caches.c
fs: drop_caches: fix skipping over shadow cache inodes
2021-09-03 09:58:10 -07:00
eventfd.c
eventfd: provide a eventfd_signal_mask() helper
2023-01-24 07:22:43 +01:00
eventpoll.c
eventpoll: add EPOLL_URING_WAKE poll wakeup flag
2023-01-24 07:22:43 +01:00
exec.c
exec: Copy oldsighand->action under spin-lock
2022-11-03 23:59:12 +09:00
fcntl.c
Merge branch 'akpm' (patches from Andrew)
2021-09-03 10:08:28 -07:00
fhandle.c
file_table.c
locks: fix TOCTOU race when granting write lease
2022-10-26 12:34:58 +02:00
file.c
fs: use acquire ordering in __fget_light()
2022-12-14 11:37:15 +01:00
filesystems.c
fs: simplify get_filesystem_list / get_all_fs_names
2021-08-23 01:25:40 -04:00
fs_context.c
vfs: fs_context: fix up param length parsing in legacy_parse_param
2022-01-20 09:13:14 +01:00
fs_parser.c
namei: Standardize callers of filename_lookup()
2021-09-07 16:07:47 -04:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
fs: do not update freeing inode i_io_list
2022-12-02 17:41:07 +01:00
fsopen.c
init.c
inode.c
fs: fix UAF/GPF bug in nilfs_mdt_destroy
2022-10-12 09:53:26 +02:00
internal.h
locks: fix TOCTOU race when granting write lease
2022-10-26 12:34:58 +02:00
ioctl.c
fs: fix an infinite loop in iomap_fiemap
2022-05-25 09:57:26 +02:00
Kconfig
4 cifs/smb3 fixes, one for DFS reconnect, and one to begin creating common headers for server and client and the other two to rename the cifs_common directory to smbfs_common to be more consistent ie change use of the name cifs to smb which is more accurate
2021-09-12 10:10:21 -07:00
Kconfig.binfmt
binfmt: remove support for em86 (alpha only)
2021-07-25 22:33:03 -07:00
kernel_read_file.c
vfs: check fd has read access in kernel_read_file_from_fd()
2021-10-18 20:22:03 -10:00
libfs.c
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
2022-12-31 13:14:03 +01:00
locks.c
filelock: new helper: vfs_inode_has_locks
2023-01-12 11:59:14 +01:00
Makefile
io_uring: move to separate directory
2022-12-14 11:37:31 +01:00
mbcache.c
mbcache: Avoid nesting of cache->c_list_lock under bit locks
2023-01-12 11:59:20 +01:00
mount.h
mpage.c
namei.c
mm: fs: initialize fsdata passed to write_begin/write_end interface
2022-11-26 09:24:51 +01:00
namespace.c
fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts
2022-08-31 17:16:37 +02:00
no-block.c
nsfs.c
open.c
locks: fix TOCTOU race when granting write lease
2022-10-26 12:34:58 +02:00
pipe.c
pipe: Fix missing lock in pipe_resize_ring()
2022-06-06 08:43:37 +02:00
pnode.c
pnode: terminate at peers of source
2023-01-12 11:58:47 +01:00
pnode.h
posix_acl.c
fs: fix acl translation
2022-07-02 16:41:17 +02:00
proc_namespace.c
fs: add is_idmapped_mnt() helper
2022-07-02 16:41:14 +02:00
read_write.c
vfs: fix copy_file_range() averts filesystem freeze protection
2022-12-19 12:36:39 +01:00
readdir.c
remap_range.c
fs/remap: constrain dedupe of EOF blocks
2022-07-21 21:24:14 +02:00
select.c
select: Fix indefinitely sleeping task in poll_schedule_timeout()
2022-01-29 10:58:25 +01:00
seq_file.c
rxrpc: Fix locking issue
2022-07-12 16:35:08 +02:00
signalfd.c
signalfd: use wake_up_pollfree()
2021-12-14 10:57:15 +01:00
splice.c
Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
2022-10-26 12:34:17 +02:00
stack.c
stat.c
stat: fix inconsistency between struct stat and struct compat_stat
2022-04-27 14:38:57 +02:00
statfs.c
super.c
fscrypt: fix keyring memory leak on mount failure
2022-11-10 18:15:37 +01:00
sync.c
vfs: make sync_filesystem return errors from ->sync_fs
2022-04-27 14:38:50 +02:00
timerfd.c
timerfd: Provide timerfd_resume()
2021-08-10 17:57:22 +02:00
userfaultfd.c
userfaultfd: open userfaultfds with O_RDONLY
2022-10-26 12:34:36 +02:00
utimes.c
xattr.c
fs: don't audit the capability check in simple_xattr_list()
2022-12-31 13:14:01 +01:00